Homebrew faking a legit CIA?

Dan-the-Rebirth

So I had an idea today...
We know legit CIAs contain files others don't, but why can't we decrypt a legit CIA and inject a different game? We did it with VC games...
 
Reactions: Margen67

johovahs

[quote]So I had an idea today...
We know legit CIAs contain files others don't, but why can't we decrypt a legit CIA and inject a different game? We did it with VC games...[/quote]

Many of the goodies are kept private. Like, some already have CFW with 7.x encryption working. Plus, with Gateway and other flashcarts, there is no need for legit CIAs, because it can run unsigned code. But for your question, it could be that no one has figured it out yet, or maybe someone has but hasn't made it public yet. But just get a Gateway and enjoy. You will spend more time enjoying the new game releases without worrying when the next leak comes out.
 

cearp

[quote]So I had an idea today...
We know legit CIAs contain files others don't, but why can't we decrypt a legit CIA and inject a different game? We did it with VC games...[/quote]

what files does a legit cia have that others do not?? (is this some riddle? because the answer is none!) :D

so, decrypt a cia, replace files, repack...
that means it's not legit anymore :) sorry lol
we cannot change anything about it, it is as simple as that
 

leerpsp

It would have to, because if I'm thinking right, legit CIAs are signed, so they would have at least one more file the others don't have that is not decrypted. So if we had that, then anyone can be made legit.
 

Aurora Wright

[quote]It would have to, because if I'm thinking right, legit CIAs are signed, so they would have at least one more file the others don't have that is not decrypted. So if we had that, then anyone can be made legit.[/quote]
You don't know what you're talking about. A digital signature is, to put it simply, a long sequence of bytes that is used by the console to verify that *that* content was "approved by Nintendo" for use with that/all the console(s). Legit CIAs have an "approved for all consoles" signature, but if you tampered with the content it would invalidate the signature and it would need to be signed again. This is why we need exploits to run unsigned code at all.
 

leerpsp

[quote]You don't know what you're talking about. A digital signature is, to put it simply, a long sequence of bytes that is used by the console to verify that *that* content was "approved by Nintendo" for use with that/all the console(s). Legit CIAs have an "approved for all consoles" signature, but if you tampered with the content it would invalidate the signature and it would need to be signed again. This is why we need exploits to run unsigned code at all.[/quote]

Well, you have to rip/build that legit CIA file, so in a way that would be tampering with it, so your logic on that is not 100%. And yes, I do know what I'm talking about. You just retold me what I not only already know, but in a longer way. The digital signature is not decrypted for the public; if it was, we would have that >FILE< to use with other CIA files to sign them with. Now, do others have the file to sign other CIAs? Yes, I know so. And Aurora, all files are a long sequence of bytes.
 

The Real Jdbye

To do that we would need the signing key that only Nintendo has. We can build legit CIAs from certain titles because their content is already signed to work on any console, and we simply take that unmodified content and pack it into a CIA container. However, we have no possible way of getting the signing key, since it's not stored on the 3DS itself, it's only used by Nintendo when they build CIA files. The 3DS uses a public key to verify the signature, but we need the private key to actually sign files. There is no way to figure out the private key by having the public key, and bruteforcing it is not viable since it would probably not be finished in our lifetime even if every computer in the world was part of the effort.

[quote]Well, you have to rip/build that legit CIA file, so in a way that would be tampering with it, so your logic on that is not 100%. And yes, I do know what I'm talking about. You just retold me what I not only already know, but in a longer way. The digital signature is not decrypted for the public; if it was, we would have that >FILE< to use with other CIA files to sign them with. Now, do others have the file to sign other CIAs? Yes, I know so. And Aurora, all files are a long sequence of bytes.[/quote]
What makes you think other people have the private key used to sign CIAs? Unless you are talking about Nintendo themselves, there is no way anyone else could get the key.
 
Reactions: Margen67

cearp

[quote]It would have to, because if I'm thinking right, legit CIAs are signed, so they would have at least one more file the others don't have that is not decrypted. So if we had that, then anyone can be made legit.[/quote]

just because they are signed does not mean they have an 'extra' file!
it just means the contents match up with the signature.
if the cia was not legit, it would be that the contents do not match up with the signature.
a cia file contains a few signatures, so editing any little part, will break at least one of them :)
 
Reactions: liomajor
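
The replies above describe signed content being repacked unchanged, and any edit breaking a signature. The following is an added illustration of that behaviour and is not code from any poster in this thread. It uses textbook RSA without padding over a constructed toy key; `build_title`, `verify_title` and the metadata layout are hypothetical and do not reproduce the real CIA format.

```python
import hashlib

# Constructed toy key from two Mersenne primes: NOT secure, NOT a real console key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus: the verifier holds (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: only the signer holds it

def digest(data):
    return hashlib.sha256(data).digest()

def sign(data):
    """Signer side: requires the private exponent D."""
    return pow(int.from_bytes(digest(data), "big"), D, N)

def signature_ok(data, sig):
    """Verifier side: requires only the public values N and E."""
    return pow(sig, E, N) == int.from_bytes(digest(data), "big")

def build_title(contents):
    """Signer records each content hash in the metadata, then signs the metadata."""
    metadata = b"".join(digest(c) for c in contents)
    return {"contents": list(contents), "metadata": metadata, "sig": sign(metadata)}

def verify_title(title):
    """Check the metadata signature first, then every content hash it lists."""
    meta = title["metadata"]
    if not signature_ok(meta, title["sig"]):
        return "bad signature"
    listed = [meta[i:i + 32] for i in range(0, len(meta), 32)]
    if listed != [digest(c) for c in title["contents"]]:
        return "content hash mismatch"
    return "ok"

def demo():
    legit = build_title([b"game code", b"game assets"])   # constructed sample content
    # Same signed parts moved into a new container: nothing signed has changed.
    repacked = {k: legit[k] for k in ("sig", "metadata", "contents")}
    # One content file replaced, metadata left alone.
    swapped = dict(legit, contents=[b"other game", b"game assets"])
    # Content replaced and hashes recomputed, but no private key to re-sign with.
    rehashed = dict(swapped, metadata=b"".join(digest(c) for c in swapped["contents"]))
    cases = {"legit": legit, "repacked": repacked, "swapped": swapped, "rehashed": rehashed}
    return {name: verify_title(t) for name, t in cases.items()}

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9} -> {result}")
```
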

leerpsp

[quote]What makes you think other people have the private key used to sign CIAs? Unless you are talking about Nintendo themselves, there is no way anyone else could get the key.[/quote]

Let's just say I know things :yay:
 
Reactions: Margen67

froggestspirit

So, all you have to do is just re-sign it. You have a 1 in 2 (to the power of the number of bits in a signature) chance!
Though I'm still surprised not many things have been said about the DS flashcart CIA, whose signature is apparently not checked...
 

KingOfHell

[quote]So, all you have to do is just re-sign it. You have a 1 in 2 (to the power of the number of bits in a signature) chance!
Though I'm still surprised not many things have been said about the DS flashcart CIA, whose signature is apparently not checked...[/quote]

DS flashcart CIA? What?

Wouldn't that be a 1 in 2^2048 chance of correctly guessing the key?

Nobody outside of Nintendo has the key, because if someone did they would be posting all over the internet "Hey, look how bick my peenie is! I have this and you can't have it!"
 
Reactions: Margen67

froggestspirit

1947294890fdb02983deadbeefguys249272949gdleet4821111111C. There's your key!
Anyways, the DS flashcart blacklist thing, I've heard the signature doesn't need to be proper for that one to work?
 

cearp

[quote]So, all you have to do is just re-sign it. You have a 1 in 2 (to the power of the number of bits in a signature) chance!
Though I'm still surprised not many things have been said about the DS flashcart CIA, whose signature is apparently not checked...[/quote]

the whitelist gets broken and can't be loaded, so that is fine :)
 
Reactions: Margen67
